authorPatrick Cloke <clokep@users.noreply.github.com>2021-02-11 10:05:15 -0500
committerGitHub <noreply@github.com>2021-02-11 10:05:15 -0500
commit6dade80048380166ac7543d96c4d4686401b1e37 (patch)
tree31e9f226a6f77a701a5849878c2b0cffd71b89c6 /synapse/config/cas.py
parentRemove conflicting sqlite tables that are "reserved" (shadow fts4 tables) (#9... (diff)
Combine the CAS & SAML implementations for required attributes. (#9326)
Diffstat (limited to 'synapse/config/cas.py')
-rw-r--r--synapse/config/cas.py32
1 files changed, 30 insertions, 2 deletions
diff --git a/synapse/config/cas.py b/synapse/config/cas.py
index b226890c2a..daea848d24 100644
--- a/synapse/config/cas.py
+++ b/synapse/config/cas.py
@@ -13,7 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from typing import Any, List
+
+from synapse.config.sso import SsoAttributeRequirement
+
 from ._base import Config
+from ._util import validate_config
 
 
 class CasConfig(Config):
@@ -38,12 +43,16 @@ class CasConfig(Config):
                 public_base_url + "_matrix/client/r0/login/cas/ticket"
             )
             self.cas_displayname_attribute = cas_config.get("displayname_attribute")
-            self.cas_required_attributes = cas_config.get("required_attributes") or {}
+            required_attributes = cas_config.get("required_attributes") or {}
+            self.cas_required_attributes = _parsed_required_attributes_def(
+                required_attributes
+            )
+
         else:
             self.cas_server_url = None
             self.cas_service_url = None
             self.cas_displayname_attribute = None
-            self.cas_required_attributes = {}
+            self.cas_required_attributes = []
 
     def generate_config_section(self, config_dir_path, server_name, **kwargs):
         return """\
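Review bot: The `or {}` on the new line `required_attributes = cas_config.get("required_attributes") or {}` replaces every falsy value with an empty mapping before `_parsed_required_attributes_def` validates it, so a mistyped `required_attributes: []`, `""` or `false` passes the schema check and yields an empty requirement list. This setting appears to restrict which CAS users are accepted, so a malformed value should be rejected at startup rather than silently read as "no restriction". Defaulting only when the key is absent does that: `required_attributes = cas_config.get("required_attributes")` followed by `if required_attributes is None: required_attributes = {}`. The enclosing method starts above this hunk, and the consumers of `cas_required_attributes`, which now receive a list instead of a dict, are not visible here.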
@@ -75,3 +84,22 @@ class CasConfig(Config):
           #  userGroup: "staff"
           #  department: None
         """
+
+
+# CAS uses a legacy required attributes mapping, not the one provided by
+# SsoAttributeRequirement.
+REQUIRED_ATTRIBUTES_SCHEMA = {
+    "type": "object",
+    "additionalProperties": {"anyOf": [{"type": "string"}, {"type": "null"}]},
+}
+
+
+def _parsed_required_attributes_def(
+    required_attributes: Any,
+) -> List[SsoAttributeRequirement]:
+    validate_config(
+        REQUIRED_ATTRIBUTES_SCHEMA,
+        required_attributes,
+        config_path=("cas_config", "required_attributes"),
+    )
+    return [SsoAttributeRequirement(k, v) for k, v in required_attributes.items()]
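Review bot: The sample config shown as context at the top of this hunk still reads `#  department: None`, and YAML parses `None` as the string "None", which the new `REQUIRED_ATTRIBUTES_SCHEMA` accepts through its `{"type": "string"}` branch. An admin who uncomments that line therefore gets `SsoAttributeRequirement("department", "None")`, presumably an exact-value match rather than the presence-only check the `{"type": "null"}` branch is there for, and the validation added here will not flag it. The sample should use a YAML null, `#  department: null`; that text belongs to `generate_config_section`, which begins outside this hunk. `_parsed_required_attributes_def` would also benefit from a one-line docstring such as `"""Validate the legacy CAS required_attributes mapping and convert it to a list of SsoAttributeRequirement."""`.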